AttackFeed by Joe Wagner | RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction  - Full Disclosure

RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction  – Full Disclosure

Posted on By Joe-W No Comments on RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction  – Full Disclosure
Alert Feeds

 

Posted by Ron E on Jan 10

A stack-based buffer overflow vulnerability exists in the tapslip6 utility
distributed with RIOT OS (and derived from the legacy uIP/Contiki
networking tools). The vulnerability is caused by unsafe string
concatenation in the devopen() function, which constructs a device path
using unbounded user-controlled input.
Specifically, tapslip6 uses strcpy() and strcat() to concatenate the fixed
prefix “/dev/” with a user-supplied device name…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
BSidesSF 2026 CFP still open until October 28th  – Full Disclosure
October 21, 2025
Alert Feeds
CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series  – Full Disclosure
September 25, 2025
Alert Feeds
runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881  – Full Disclosure
November 7, 2025
Alert Feeds
Backdoor.Win32.Netbus.170 / Insecure Credential Storage / MVID-2025-0703  – Full Disclosure
December 28, 2025

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.